Merge "security group denies TCP flows when chassis-snat is enabled"
commit
874a2e06ca
|
@ -162,6 +162,7 @@ class ChassisSNATApp(df_base_app.DFlowApp, snat_mixin.SNATApp_mixin):
|
|||
self._install_snat_ingress_after_conntrack(
|
||||
lport.unique_key,
|
||||
lport.mac,
|
||||
lport.lswitch.unique_key,
|
||||
self.external_host_mac)
|
||||
|
||||
def remove_lport_based_flows(self, lport):
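Review bot: The call to `_install_snat_ingress_after_conntrack` passes its values positionally, while this commit appears to add a parameter in the middle of that signature rather than at the end. Because the value that follows is a MAC and the new one is a network key, I would pass at least the new argument by name, `network_id=lport.lswitch.unique_key,` and likewise `external_host_mac=self.external_host_mac)`. That way a later signature change cannot put a value into the wrong flow field. The calling method starts above the hunk and `remove_lport_based_flows` continues below it, so whether the removal path needs the same key cannot be judged from here.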
|
||||
|
|
|
@ -209,6 +209,7 @@ class SNATApp_mixin(object):
|
|||
def _install_snat_ingress_after_conntrack(self,
|
||||
unique_key,
|
||||
vm_mac,
|
||||
network_id,
|
||||
external_host_mac):
|
||||
"""complements reverse sNAT translation from unique IP to tenant IP
|
||||
|
||||
|
@ -236,12 +237,13 @@ class SNATApp_mixin(object):
|
|||
parser.NXActionRegMove(
|
||||
src_field='ct_label',
|
||||
dst_field='ipv4_dst',
|
||||
n_bits=32)
|
||||
n_bits=32),
|
||||
parser.OFPActionSetField(metadata=network_id),
|
||||
]
|
||||
action_inst = parser.OFPInstructionActions(
|
||||
ofproto.OFPIT_APPLY_ACTIONS, actions)
|
||||
goto_inst = parser.OFPInstructionGotoTable(
|
||||
const.INGRESS_DISPATCH_TABLE)
|
||||
const.INGRESS_DESTINATION_PORT_LOOKUP_TABLE)
|
||||
inst = [action_inst, goto_inst]
|
||||
|
||||
self.mod_flow(
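Review bot: The docstring of `_install_snat_ingress_after_conntrack` still describes only the reverse translation, but the action list now also sets `metadata` and the flow continues at `const.INGRESS_DESTINATION_PORT_LOOKUP_TABLE` instead of `const.INGRESS_DISPATCH_TABLE`. I would add one sentence to the docstring saying that the reply is sent back through destination port lookup, so the later ingress tables (presumably including security-group handling) see it. I would also add a why-comment on the new action, for example `# metadata must be the lport's own network key; the lookup table is expected to match on it`. The parameter is named `network_id` but the caller passes `lport.lswitch.unique_key`, and the test in this commit uses `network_id` for the `LogicalSwitch` id. Documenting it as the network's unique key would avoid that confusion. The function body starts and ends outside these hunks.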
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
from oslo_config import cfg
|
||||
|
||||
from dragonflow.controller.common import constants as const
|
||||
from dragonflow.db.models import l2
|
||||
from dragonflow.tests.common import utils
|
||||
from dragonflow.tests.fullstack import test_base
|
||||
from dragonflow.tests.fullstack import test_objects as objects
|
||||
|
@ -26,13 +27,15 @@ class TestSnatFlows(test_base.DFTestBase):
|
|||
return SNAT_APP_NAME in cfg.CONF.df.apps_list
|
||||
|
||||
def _check_port_based_flows(self,
|
||||
flows, hex_port_key, external_host_mac, mac):
|
||||
flows, hex_port_key,
|
||||
hex_lswitch_key, external_host_mac, mac):
|
||||
match = 'ct_mark=' + hex_port_key + ',ip'
|
||||
action = 'set_field:' + external_host_mac + '->eth_src' \
|
||||
',set_field:' + mac + '->eth_dst' \
|
||||
',load:' + hex_port_key + '->NXM_NX_REG7[]' + \
|
||||
',move:NXM_NX_CT_LABEL[0..31]->NXM_OF_IP_DST[]' + \
|
||||
',goto_table:' + str(const.INGRESS_DISPATCH_TABLE)
|
||||
',set_field:' + hex_lswitch_key + '->metadata' + \
|
||||
',goto_table:' + str(const.INGRESS_DESTINATION_PORT_LOOKUP_TABLE)
|
||||
|
||||
port_based_ingress = None
|
||||
for flow in flows:
|
||||
|
@ -82,9 +85,12 @@ class TestSnatFlows(test_base.DFTestBase):
|
|||
exception=Exception('No port assigned to VM')
|
||||
)
|
||||
port_key = port.unique_key
|
||||
network_key = network.nb_api.get(
|
||||
l2.LogicalSwitch(id=network_id)).unique_key
|
||||
r = self._check_port_based_flows(
|
||||
ovs.dump(self.integration_bridge),
|
||||
hex(port_key),
|
||||
hex(network_key),
|
||||
external_host_mac,
|
||||
mac)
|
||||
for key, value in r.items():
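Review bot: `_check_port_based_flows` only compares the dumped flow text with the new action string, so it pins the shape of the rule and not the behaviour named in the commit title. Nothing in the visible hunks sends TCP reply traffic to a port that has a security group while chassis SNAT is enabled. A fullstack case that does so would catch a later change that routes the reply around `INGRESS_DESTINATION_PORT_LOOKUP_TABLE` again. A short comment above the expected `action` string, such as `# reply must re-enter the ingress pipeline at port lookup so security groups apply`, would also tell the next maintainer why the target table matters. The test method around the second hunk starts and ends outside it.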
|
||||
|
|